AI Governance

Easylab AI integrates artificial intelligence responsibly, in strict compliance with European regulatory frameworks.

Our Position

Easylab AI is an AI solution integrator, not an AI model producer. We select, deploy and operate functional AI services for our clients, under structured contracts covering DORA, GDPR and the AI Act.

Data Processor under GDPR

We act as a data processor within the meaning of Article 28 of the GDPR. Data protection terms are defined contractually according to each project's requirements.

ICT Provider under DORA

For financial entities, we qualify as a third-party ICT service provider. Our contracts cover the requirements of Article 30 of DORA.

Deployer under the AI Act

We classify every deployed AI system by risk level and implement the required documentation, transparency and human oversight measures.

Regulatory Frameworks

The three European regulations that structure our contracts and practices.

AI Act

Regulation (EU) 2024/1689 on Artificial Intelligence

Progressive application from August 2025

The world's first comprehensive legal framework for AI. Classifies systems by risk level and imposes proportional obligations for transparency, documentation and oversight.

  • AI system classification by risk level (Art. 6, Annex III)
  • Mandatory AI-assistance notice on every deliverable (Art. 50)
  • Mandatory human oversight before dissemination
  • Traceability: technical logs retained for 2+ years
  • Ongoing monitoring of GPAI model compliance (Art. 51+)

DORA

Regulation (EU) 2022/2554 - Digital Operational Resilience

In effect since 17 January 2025

Operational resilience framework for the financial sector. Governs ICT risk management, third-party providers and incident notification requirements.

  • ICT sub-contractor register
  • Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
  • Major incident notification within 48 hours
  • Audit and access rights for the client and the CSSF
  • Exit plan and data portability provisions

GDPR

Regulation (EU) 2016/679 - General Data Protection Regulation

In effect since May 2018

The foundation of any responsible AI integration. Defines the obligations of data controllers and processors for the protection of personal data.

  • Data protection clauses adapted to each contract
  • Processing on documented instructions only (Art. 28)
  • Technical measures: TLS 1.2+ encryption, AES-256
  • Data breach notification within 72 hours (Art. 33)
  • Prior authorisation for any sub-processor

Technology Partners

Every provider is evaluated on their certifications and compliance before integration.

Anthropic

Claude

Primary LLM model provider

SOC 2 Type II, ISO 27001, ISO 42001, HIPAA

OpenAI

GPT

Complementary LLM models

SOC 2 Type II, ISO 27001, ISO 27701, CSA STAR

Google Cloud

GCP

Cloud infrastructure and Vertex AI

SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, C5, CSA STAR

Amazon Web Services

AWS

Cloud infrastructure and EU hosting

SOC 2 Type II, ISO 27001, ISO 27017, ISO 27701, C5, CSA STAR

Microsoft Azure

Azure

Cloud infrastructure and Azure OpenAI

SOC 2 Type II, ISO 27001, ISO 27017, ISO 27701, C5, CSA STAR

n8n

n8n Cloud

AI workflow orchestration

SOC 2 Type II, SOC 3

Contractual Commitments

Documented and verifiable practices, embedded in our service agreements.

  • Data protection clauses embedded in service agreements
  • No AI model training on client data - API usage does not feed model training by design
  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Strong authentication (MFA) available depending on project requirements
  • Logical data separation between clients
  • EU hosting preferred (Frankfurt, Dublin, Tallinn)
  • Access and operation logging, retention period per client requirements
  • Incident notification within 48h (DORA) / 72h (GDPR)
  • AI transparency notice on every AI-assisted deliverable
  • Annual security testing and periodic access rights review

Frequently Asked Questions

By default, we prefer EU datacenters (Frankfurt, Dublin, Tallinn). For each project, hosting is documented and validated with the client.

No. Our providers' APIs (Anthropic, OpenAI) do not use submitted data for model training. This is a built-in property of API usage, not a configuration option.

As a deployer, we classify each deployed AI system according to the AI Act risk categories. For limited-risk systems, we implement the transparency obligations (Art. 50) and documentation. Human oversight is mandatory before any deliverable dissemination.

GDPR-compliant data protection clauses are integrated into our service agreements according to project requirements. They cover processor obligations and applicable technical and organisational security measures.

We apply notification within 48h (DORA) and 72h (GDPR). Each incident is documented with: nature, scope, affected systems and data, corrective measures and remediation plan.

Our contracts grant the client, its mandatees and supervisory authorities (CSSF, CNPD) audit, inspection and access rights to premises, systems and logs, in accordance with DORA and GDPR requirements.
